3.3 and 3.4 branches not well maintained
Hi,
I completed my list of vulnerabilities. It helps to track if a vulnerability has been fixed in all security maintained branches.
http://python-security.readthedocs.io/vulnerabilities.html
Currently, the following branches are maintained for security: 2.7, 3.3, 3.4, 3.4, 3.5 and 3.6
https://docs.python.org/devguide/#status-of-python-branches
I looked at the 5 latest vulnerabilities, and we didn't backport fixes to all maintained branches:
Issue #28563: 3.3 backported, no release yet
CVE-2016-2183: 3.3 and 3.4 not fixed yet <====
https://bugs.python.org/issue27850#msg275073
CVE-2016-1000110 3.3 backported, no release yet
CVE-2016-0772 3.3 needs backport <====
Issue #26657 3.3 and 3.4 need backport <====
Maybe a 3.3 release may be needed as well.
Victor
On Feb 21, 2017, at 13:07, Victor Stinner
I completed my list of vulnerabilities. It helps to track if a vulnerability has been fixed in all security maintained branches. http://python-security.readthedocs.io/vulnerabilities.html
Currently, the following branches are maintained for security: 2.7, 3.3, 3.4, 3.4, 3.5 and 3.6 https://docs.python.org/devguide/#status-of-python-branches
I looked at the 5 latest vulnerabilities, and we didn't backport fixes to all maintained branches:
Issue #28563: 3.3 backported, no release yet
CVE-2016-2183: 3.3 and 3.4 not fixed yet <====
https://bugs.python.org/issue27850#msg275073
CVE-2016-1000110 3.3 backported, no release yet
CVE-2016-0772 3.3 needs backport <====
Issue #26657 3.3 and 3.4 need backport <====
Maybe a 3.3 release may be needed as well.
Have you contacted the 3.3 and 3.4 release managers about this?
--
Ned Deily
nad@python.org
I created pull requests. When 3.3 and 3.4 are needed, I began with 3.4
to see how things are going.
2017-02-21 19:07 GMT+01:00 Victor Stinner
Issue #28563: 3.3 backported, no release yet
CVE-2016-2183: 3.3 and 3.4 not fixed yet <====
https://bugs.python.org/issue27850#msg275073
https://github.com/python/cpython/pull/224 (I started with 3.4)
CVE-2016-1000110 3.3 backported, no release yet
CVE-2016-0772 3.3 needs backport <====
https://github.com/python/cpython/pull/225
Issue #26657(only 3.4 yet) 3.3 and 3.4 need backport <====
participants (2): Ned Deily, Victor Stinner